RE: Using FOG to PXE boot into your favorite installer images

Debian 10.7 Standard -Live

1. First we’ll create the required directories:

mkdir -p /images/os/debian/10.7L
mkdir -p /tftpboot/debian/10.7L

# for FOG Server with Redhat based OS
mkdir -p /var/www/html/os/debian/10.7L
# for FOG Server with Debian based OS
mkdir -p /var/www/os/debian/10.7L

2. Now we’ll mount the Debian live DVD over the loop directory. Then we’ll copy the contents of the DVD to the directory we built above.
   I need to explain something here. The iso below is the "standard" version which is the debian console version. If you want to live boot into the debian XWindows interface you will need to download the ISO that contains your desired XWindows manager like Mate, XFCE, KDE, Gnome, etc The instructions are the same for all ISO, just the size if the initrd and squashfs will change

mount -o loop -t iso9660 /{full path where you have the iso stored}/debian-live-10.7.0-amd64-standard.iso /mnt/loop

cp -R /mnt/loop/* /images/os/debian/10.7L
umount /mnt/loop

3. Finally we’ll copy the pxe boot kernel and intfs to the tftpboot directory.

cp /images/os/debian/10.7L/live/vmlinuz-4.19.0-13-amd64 /tftpboot/debian/10.7L/vmlinuz
cp /images/os/debian/10.7L/live/initrd.img-4.19.0-13-amd64 /tftpboot/debian/10.7L/initrd

# for FOG Server with RedHat based OS
cp /images/os/debian/10.7L/live/filesystem.squashfs /var/www/html/os/debian/10.7L
# for FOG Server with Debian based OS
cp /images/os/debian/10.7L/live/filesystem.squashfs /var/www/os/debian/10.7L

4. The last bit of magic we need to do is setup a new FOG iPXE boot menu entry for this OS.
5. In the fog WebGUI go to FOG Configuration->iPXE New Menu Entry
   Set the following fields
   Menu Item: os.Debian.10.7L
   Description: Debian 10.7 Live
   Parameters:
   kernel tftp://${fog-ip}/debian/10.7L/vmlinuz
   initrd tftp://${fog-ip}/debian/10.7L/initrd
   imgargs vmlinuz initrd=initrd boot=live components fetch=http://${fog-ip}/os/debian/10.7L/filesystem.squashfs
   boot || goto MENU
   Menu Show with: All Hosts
6. That’s it, just pxe boot your target system and pick Debian 10.7 Live from the FOG iPXE boot menu.

@rubensurtfe-0 said in How install Debian 10.7.0 on the Fog Project:

according to the grub.cfg file in the iso the kernels args are this

kernel tftp://${fog-ip}/debian/10/vmlinuz
initrd tftp://${fog-ip}/debian/10/initrd.gz
imgargs vmlinuz vga=788 --- quiet 
boot || goto MENU

@rubensurtfe-0 They are in install.amd on the iso image. There is no squash.fs so just use the kernel and the initrd files. Ignore the squashfs line

So if you want the graphical install use the initrd from here /install.amd/gtk/initrd.gz if you want the console installer use this one /install.amd/initrd.gz

For the kernel args use vga=788 --- quiet

It does appear the installer is quite a bit different between 10.5 and 10.7. I’ll create a new entry in my netboot instructions a bit later when I can get this setup in my fog server to test the settings.

@joyboy11111 If the FOG installer created the dhcp server configuration it should look similar to this: https://wiki.fogproject.org/wiki/index.php/BIOS_and_UEFI_Co-Existence#Example_1

If you scroll down in the screen shot you posted you will see this section

    class "UEFI-64-1" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
     filename "ipxe.efi";
    }

    class "UEFI-64-2" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
    filename "ipxe.efi";
    }

    class "UEFI-64-3" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
     filename "ipxe.efi";
    }

so for the uefi-64 entries you want to change filename varialble to snponly.efi

@joyboy11111 No that is not the config file for the dhcp server, that is like the startup options file.

I had to look it up because centos 6 is so long ago. But it looks like the config file is /etc/dhcp/dhcpd.conf

ref: https://www.server-world.info/en/note?os=CentOS_6&p=dhcp

I am a bit surprised that FOG 1.5.x installs on centos 6. But if it works, go with it.

@xcess Well that first link looks and gives guidance to you need to enable the fog server network port as trusted so the dhcp communication is echoed to that device.

The second link, I hoped that would turn on what is missing in the initial OFFER packet from your switch dhcp server (two different paths to solving two different problems, to get your clients pxe booting).

    Client MAC address: 82:5d:c6:8a:7e:48 (82:5d:c6:8a:7e:48)
    Client hardware address padding: 00000000000000000000
>>    Server host name not given
>>    Boot file name not given
    Magic cookie: DHCP
    Option: (51) IP Address Lease Time

Now you said that isc-dhcp server worked?? The reason why I ask is that isc-dhcp server and dnsmasq do the same thing. So why would isc-dhcp server issue IP addresses and dnsmasq does not respond?

Some quick google-fu finds this information

https://community.extremenetworks.com/extremeswitching-exos-233219/acl-to-block-dhcp-bootp-pxeboot-from-all-but-certain-servers-6965720?postid=16750946#post16750946

Where dhcp-snooping might be causing the issue with dnsmasq since the FOG server may not be on a trusted port.

And this one
https://community.extremenetworks.com/faqs-233202/configuring-dhcp-on-the-securestacks-5839969

Specifically these commands

enable Enable automatic address allocation for bootp clients.
disable 
Disable automatic address allocation for bootp
clients. [default]

C2(rw)->set dhcp enable ?
C2(rw)->set dhcp bootp enable ?
C2(rw)->set dhcp bootp disable ?

Where specifically the dhcp OFFER packet from your switch is missing the ethernet header part of the options, maybe the bootp bits of your dhcp configuration is not turned on

@xcess OK so we know (from your screen shots) that dnsmasq is up and running. I assume your tcpdump did not show a DISCOVER or OFFER packet, so I agree with your assessment something in your infrastructure is blocking these broadcast messages. If dnsmasq doesn’t hear the DISCOVER packet it will not give up an OFFER packet.

If your infrastructure is blocking dhcp broadcast messages then your witness computer should also not see any external DISCOVER, OFFER, REQUEST, ACK, or INFORM dhcp messages too.

For some reason dhcp-snooping comes to mind. That might limit the broadcast messages related to the DHCP DORA process to only the computers involved with DHCP startup. It really depends on the switch mfg.

@george1421 Now if you are seeing only the OFFER packet from your dhcp server but no OFFER from dnsmasq (and possibly no DISCOVER packet from your target computer) then it sounds like you have the firewall enabled on the FOG server. You will need to make exceptions for bootp/dhcp as well as tftp to pxe boot. Its also possible that dnsmasq is not running for some reason (like a bad configuration) you can view if dnsmasq is running by keying in sudo ps aux|grep dnsmasq and netstat -an | grep :67

If you don’t see any DISCOVER or OFFER look at your FOG Server firewall.

@xcess said in "Please enter tftp server:" with single dhcp server:

I also have physical computer in the same subnet, that I’m using to examine frames with Wireshark.

Ok this will make debugging a bit easier when everyone on the same subnet. Lets use tcpdump on the fog server (this is the best place to grab the packets because the fog server will listen to both broadcast and unicast messages sent to the fog server) https://forums.fogproject.org/topic/9673/when-dhcp-pxe-booting-process-goes-bad-and-you-have-no-clue Also inspect the pcap in wireshark. Again looking for the 2 offers. At the very least you should see the offer from dnsmasq.

@xcess Ok so you have dnsmasq setup. Do you have a way to pxe boot a computer that is on the same subnet as the FOG server? This can be a physical machine or a vm configured to pxe boot. Our goal here is to get to the FOG iPXE menu. If you have dnsmaq setup and running on your fog server the target computer should pxe boot.

This test will tell us if its the FOG server (dnsmasq or tftp) that is at fault or your network infrastructure.

If it pxe boots then we go to the next step of installing wireshark on a witness computer (third computer plugged into same subnet as your remote computer who needs to pxe boot). Use a wireshark capture filter of port 66 or port 67 then pxe boot the target computer to the error. Look at the packet capture. You should (must) see 2 DHCP OFFER packets. One from your main dhcp server and one from dnsmasq running on the FOG server. I suspect this second OFFER is missing.

@xcess said in "Please enter tftp server:" with single dhcp server:

You are a bit all over the place with this :

I really wanted to utilize our switch (if possible).

My suggestion is suggestion is to use your switch as dhcp server and dnsmasq to provide pxe boot information (only)

As I have already tested this with isc-dhcp server and I know it works.

In this case you are replacing your switch dhcp server with isc-dhcp server, not what you wanted.

So far I’ve option codes 66 and 67 on the switch.

As I mentioned before these are for dhcp booting, what is missing from your DHCP OFFER packet is the bootp info in the ethernet header. Both are required because clients can use either.

Also enabled BOOTPRELAY to the FOG server, but still no joy.

You need that for dnsmasq, Good you did this but will not have an impact until you install dnsmasq configured as ProxyDHCP

Do you believe setting up dnsmasq could help me

Yes

https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server

@rubensurtfe-0 OK I see what you are doing now, you are using FOG as a netboot server. You should have asked your question a bit better. I have a tutorial for Debian 10.5 here: https://forums.fogproject.org/post/136697 I would suspect all of the 10.x installers use the same process.

In the tutorial the names are not specifically named vmlinuz

cp /images/os/debian/10.5L/live/vmlinuz-4.19.0-10-amd64 /tftpboot/debian/10.5L/vmlinuz
cp /images/os/debian/10.5L/live/initrd.img-4.19.0-10-amd64 /tftpboot/debian/10.5L/initrd
cp /images/os/debian/10.5L/live/filesystem.squashfs /var/www/html/os/debian/10.5L

How to install in Fog Project, the New Debian 10.7.0.

Thank You.

Do you have a problem or is this just a general question?

@victor-r Interesting… there must be some other code that is doing that. Rerun the fog installer to put things back.

Just to be sure I’m looking in the right area, you are trying to replicate your images from the FOG server to the windows storage node or are you trying to capture directly to a windows storage node?

@victor-r said in FTP Windows Storage Node:

I will try this.

Worst you can do is break your FOG server…

Just rerun the installer and it will fix everything you tweak in the code.

@victor-r said in FTP Windows Storage Node:

Will Fog ever support storage windows?

There is no plans as far as I know to allow Windows to function as a FOG storage node unless you can run a linux subsystem on it.

@victor-r So if you want to hack up fog there is a way.

vi /var/www/html/fog/lib/fog/fogftp.class.php

This section of code

    126     public function chmod(
    127         $mode,
    128         $filename
    129     ) {
    130         if (!$mode) {
    131             $mode = $this->get('mode');
    132         }
    133         @ftp_chmod(
    134             $this->_link,
    135             $mode,
    136             $filename
    137         );
    138         return $this;
    139     }

remove lines 133 to 137
save the file and reboot the master node.

@victor-r said in FTP Windows Storage Node:

The problem is that windows is not managed by the CHMOD.
Is it possible to remove the CHMOD function from the capture process?

OK I totally missed something here, how did windows get involved with the FOG imaging or replication process? Are you using a windows server as a storage node?

Edit: duh, the very first line of your post. I do have to say that FOG doesn’t support Windows storage node even if I created a tutorial on it. That tutorial is several years old.

@victor-r When you add the storage node to a master node it should update the management user ID and password correctly. If you suspect the password is wrong for some reason you can

1. On the storage node, there is a hidden file /opt/fog/.fogsettings Look at that file and glean the password.
2. On a windows computer ftp to the storage node using the fogproject user ID and the password you gleaned from the .fogsettings file. If you can log in then the password is still accurate. Update the storage node management password with what you gleaned from the file. This password is unique to each install of FOG.
3. While you still have an open ftp session to the storage node, key in cd /images then mkdir test1 then ls does the test1 directory exist? If no then you need to look into permissions. If yes then key in rmdir test1 and you are done.